From 5d1b41310682a599a16bcb95e18f56e62299059e Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 7 May 2021 10:48:13 +0900
Subject: [PATCH] scd: Fix memory leak for RDRNAME and serialize access.

* scd/apdu.c (close_pcsc_reader): Move locking to...
(apdu_close_reader): ... here, as it's also needed for CCID driver.
Free RDRNAME when closed.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 scd/apdu.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scd/apdu.c b/scd/apdu.c
index e601e1a38..d34127a10 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -836,13 +836,11 @@ close_pcsc_reader (int slot)
       int i;
 
       /*log_debug ("%s: releasing context\n", __func__);*/
-      npth_mutex_lock (&reader_table_lock);
       if (pcsc.context)
         pcsc_release_context (pcsc.context);
       pcsc.context = 0;
       for (i = 0; i < MAX_READER; i++)
         pcsc.rdrname[i] = NULL;
-      npth_mutex_unlock (&reader_table_lock);
     }
   return 0;
 }
@@ -2338,15 +2336,21 @@ apdu_close_reader (int slot)
     }
   if (reader_table[slot].close_reader)
     {
+      npth_mutex_lock (&reader_table_lock);
       sw = reader_table[slot].close_reader (slot);
+      xfree (reader_table[slot].rdrname);
+      reader_table[slot].rdrname = NULL;
       reader_table[slot].used = 0;
+      npth_mutex_unlock (&reader_table_lock);
       if (DBG_READER)
         log_debug ("leave: apdu_close_reader => 0x%x (close_reader)\n", sw);
       return sw;
     }
+  npth_mutex_lock (&reader_table_lock);
   xfree (reader_table[slot].rdrname);
   reader_table[slot].rdrname = NULL;
   reader_table[slot].used = 0;
+  npth_mutex_unlock (&reader_table_lock);
   if (DBG_READER)
     log_debug ("leave: apdu_close_reader => SW_HOST_NOT_SUPPORTED\n");
   return SW_HOST_NOT_SUPPORTED;